Monday, 3 September 2012

Reboot Film Trailer | Upcoming Movie for Security Geeks

If you are a movie buff like me, you won't want to miss this upcoming short film. The use of Nmap and the Metasploit framework is sure to drive you nuts!!!


Liked it? Then check out the bonus footage at the official website.

Saturday, 1 September 2012

How Antivirus Software Detects Viruses and Other Malware

Earlier we discussed what viruses and worms are. Most users have one antivirus product or another installed on their systems to protect them from such malware.
But have you ever wondered how this software tells a harmless file from a harmful one? In this post we'll take a look at how an antivirus decides that a file is infected.
There are two main approaches antivirus software uses to detect malware today:

  • Virus Signature Approach:
             In this approach the antivirus scans the file and compares it against a dictionary of known virus signatures. If any part of the code matches a virus signature, the user is alerted and asked to choose an action.
The problem with this method is that when a new virus is created (many new viruses are created every day) its signature is not yet in the dictionary, so the antivirus may pass the file as safe. Thus the antivirus must be updated regularly to include definitions for new viruses.
  • Suspicious Behaviour Approach:
             In this approach, instead of checking the signature of a file, the antivirus looks for any suspicious behaviour that may be dangerous. For example, a program written to format a hard disk may be termed dangerous, and any program showing such behaviour is flagged as a 'virus'.
But this approach also has its share of cons. Imagine a scenario where a new application is written to format a system on demand. According to the antivirus that is a dangerous activity, so it will be flagged as a virus in spite of not being one. Thus this method generates a lot of false alarms.

Modern Antivirus Programs:

Most modern antivirus programs use a combination of these approaches to detect both known and new viruses.
But these approaches alone are not sufficient, as there are methods to encrypt a virus so that its signature no longer matches, which makes it undetectable (UD). So apart from using an antivirus program, the user should still take precautions like not clicking on malicious links, not running programs from unknown sources, etc. to keep their system safe.
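To make the two approaches concrete, here is an added Python example (my illustration, not code from the post or from any antivirus product). The signature dictionary, the heuristic rules and the sample "files" are all constructed for the example. It shows the three outcomes the post describes: a known sample caught by its signature, a slightly altered new variant that slips past the dictionary but is caught by behaviour scoring, and a legitimate disk utility that the behaviour check wrongly flags, which is the false alarm the post warns about.

```python
import hashlib
import re

# --- Signature approach: a dictionary of known samples (all constructed) -----
# Whole-file hash of one known sample, and a byte pattern lifted from another.
KNOWN_HASHES = {
    hashlib.sha256(b"@echo off\r\nshutdown /s /t 0\r\n").hexdigest(): "Demo.Shutdown.A",
}
KNOWN_PATTERNS = {
    "Demo.Format.B": b"FORMAT C: /Q /Y",
}

# --- Behaviour approach: suspicious actions, each with a weight --------------
HEURISTICS = [
    (re.compile(rb"\bformat\b", re.IGNORECASE), 3, "formats a disk"),
    (re.compile(rb"\bshutdown\b", re.IGNORECASE), 1, "shuts down the system"),
    (re.compile(rb"\bdel\b.*\*", re.IGNORECASE), 2, "mass-deletes files"),
]
ALERT_THRESHOLD = 3


def signature_scan(data: bytes):
    """Dictionary lookup: exact hash first, then byte-pattern search.
    Returns the signature name, or None when nothing in the dictionary matches."""
    name = KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for name, pattern in KNOWN_PATTERNS.items():
        if pattern in data:
            return name
    return None


def behaviour_scan(data: bytes):
    """Score the file by the suspicious behaviours it shows.
    Returns (score, list of reasons); no dictionary of samples is needed."""
    score, reasons = 0, []
    for regex, weight, reason in HEURISTICS:
        if regex.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons


def scan(data: bytes):
    """Combined verdict, as modern products do: signatures first, then behaviour.
    Returns ("infected", name), ("suspicious", reasons) or ("clean", "")."""
    name = signature_scan(data)
    if name:
        return "infected", name
    score, reasons = behaviour_scan(data)
    if score >= ALERT_THRESHOLD:
        return "suspicious", "; ".join(reasons)
    return "clean", ""


# Constructed sample "files" (batch scripts, like the post's shutdown example).
SAMPLE_KNOWN = b"@echo off\r\nshutdown /s /t 0\r\n"           # exact hash in dictionary
SAMPLE_VARIANT = b"@echo off\r\nFORMAT C: /Q /Y\r\n"           # byte pattern in dictionary
SAMPLE_NEW = b"@echo off\r\nformat c: /q /y\r\n"               # new variant: only the case changed
SAMPLE_LEGIT = b"rem Disk wipe tool: asks the user first\r\nformat d:\r\n"  # legitimate utility
SAMPLE_CLEAN = b"@echo off\r\necho hello\r\n"

if __name__ == "__main__":
    for label, data in [("known", SAMPLE_KNOWN), ("variant", SAMPLE_VARIANT),
                        ("new", SAMPLE_NEW), ("legit", SAMPLE_LEGIT), ("clean", SAMPLE_CLEAN)]:
        print(label, scan(data))
```

The interesting cases are the last three: `SAMPLE_NEW` differs from the dictionary entry only in letter case, so the signature lookup misses it and only the behaviour score catches it; `SAMPLE_LEGIT` is the post's "format on demand" application and gets the same score, which is exactly why behaviour-only detection produces false alarms; real products tune the weights and threshold, and combine both methods, for that reason.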

Thanks for reading. I hope this article covered the basics of the antivirus detection process well. You can add your views in the comments and let me know if you feel I missed something.

Friday, 31 August 2012

Virus vs Worms

In my previous post we introduced the concept of UTMs. In this post let us take a look at a common security problem.
In our everyday life we often hear people complain about how their computer got infected by a 'virus'. In reality it may not always be a virus but some other malicious software. The correct term in such cases is 'malware'.
There are different types of malware, like viruses, worms, Trojans, rootkits, etc. In this post we'll take a look at viruses and worms.

Viruses:

A computer virus is usually an executable that attaches itself to a program or a file. It can spread to other systems when such files are shared.
Almost all viruses are attached to an executable file and infect the system when the malicious program is run.
A virus needs human interaction (like a double-click on an infected file) to spread. In other words, a virus does not spread on its own.

A virus can be as simple as a batch command that shuts down a system, or it can be far more destructive, for example a virus that formats the complete hard disk or corrupts the RAM!!

Worms:

A worm is similar to a virus in design and in the kind of damage it produces, but unlike a virus it has the capability to travel over a network without any human interaction.
A worm copies itself over a network. It is a program that views the infection point as another computer rather than as other executable files on an already infected computer.

Sunday, 26 August 2012

Vulnerability, Exploits & Payloads

You must have come across a recent news article about a website being hacked, with its home page turned into something scary like "Beware!! We are the Hackers" along with the picture of a skull (in most cases to create horror!!) or replaced with some explicit content. Ever wondered how hackers breach the security and break into websites or other systems? Today I will discuss how a hacker approaches a system or a website to hack it.

To break into any system the person (hacker) searches for a vulnerability in it and then uses that vulnerability to break in. Now a question arises:

What is a Vulnerability?

A vulnerability is a security hole in a piece of software or hardware which can provide a potential vector to attack a system.
Thus to compromise a system the first step is to find a vulnerability in that system.

Ok, suppose a hacker has found a vulnerability in a system or a website. What next? What does he/she do with that vulnerability? Here comes the term 'Exploit'.

Exploit:

It is a program whose only job is to take advantage of a vulnerability. Exploits often deliver payloads to a target system.

Payload:

A piece of software that allows an attacker to control the exploited system.

Thus to sum it up, the exploit uses a vulnerability to finally deliver the payload, which actually controls the system.


Do comment and provide your feedback regarding this article. If you find this post useful, don’t forget to tweet and share it on Facebook.

Saturday, 25 August 2012

What is a UTM? | Kunal Goel

In the previous post we discussed a YouTube trick to look inside a private video. You can read it here. In this post we take a look at a technology which is increasingly being adopted by firms for their security needs.

Unified Threat Management (UTM) is a term used to describe a comprehensive security product which includes protection against multiple threats. It can be thought of as an all-in-one solution to an organization's security needs. A UTM system integrates a range of security features in a single appliance, such as
  • Firewall
  • Antivirus Software
  • Anti-Spyware
  • VPN
  • Spam Filtering
  • Content Filtering
  • Intrusion Detection & Prevention
The term was first used by IDC, a provider of market data, analytics and related services.


Advantages of UTM:

The main advantages of a UTM system are
  • Reduced Complexity
  • Cost Effectiveness
  • Single hardware platform &
  • Unified Management Interface
Some major providers of UTM products are Juniper, Cyberoam, Cisco, WatchGuard and many more...

Saturday, 18 August 2012

YouTube Private Videos Trick | Kunal Goel

Well, we have all used YouTube at one point or another in our lives, for reasons ranging from checking out a newly released music video to watching an educational online video tutorial. Whatever the reason, the fact is that YouTube has become an indispensable part of the web.

In the previous post we discussed some common networking protocols.
In this post we'll be having some fun with a YouTube trick I discovered while surfing the Internet.

You may have come across an error on YouTube like the one displayed below while trying to view a video. This is because the video you tried to access was a "Private Video".

Now what exactly is a "Private Video" on YouTube??
A private video is one which a user has uploaded and marked as private on his account. Only that particular user can access the video, by signing in with his login credentials. The user can also share it with some other accounts, and the video will be available to them after logging in.
To others it will not be accessible, and on clicking the URL they will be shown an error message like the one above.

Now whenever a video is uploaded on YouTube, a few snapshots of it are cached on the site's servers.
These snapshots can be accessed using the following links.

Links:

http://i.ytimg.com/vi/Enter_Video_Id_Here/0.jpg
http://i.ytimg.com/vi/Enter_Video_Id_Here/1.jpg
http://i.ytimg.com/vi/Enter_Video_Id_Here/2.jpg
http://i.ytimg.com/vi/Enter_Video_Id_Here/3.jpg

Just replace "Enter_Video_Id_Here" with the ID of the video whose snapshots you want to view.

How to find the Video ID?
Let's take the example of the video in the Reboot Movie post.
The URL of any YouTube video is of the following type:

http://www.youtube.com/watch?v=fB4oX4p0AoY&feature=player_embedded

The text after v= and up to &feature (fB4oX4p0AoY in this case) is the actual video ID which we need in the above step.
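The ID extraction and link construction described above, as an added Python example (mine, not code from the post): it parses the v= parameter of a watch URL with the standard library and builds the four snapshot URLs the post lists, without making any network request. The set of accepted host names is my assumption. For anyone who runs a site, the point worth taking from the post is the defensive one: a resource marked private can still have derived assets (here, thumbnails) at predictable URLs, and every such derivative needs the same access check as the original.

```python
from urllib.parse import urlparse, parse_qs

# Thumbnail link pattern quoted in the post above.
THUMBNAIL_TEMPLATE = "http://i.ytimg.com/vi/{video_id}/{index}.jpg"

# Hosts accepted as YouTube watch pages (assumption made for this example).
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com"}


def extract_video_id(url: str):
    """Return the value of the v= parameter of a youtube.com/watch URL, or None.

    Everything after v= and before the next '&' is the ID, exactly as the post
    describes; other hosts, paths or a missing v= give None rather than a guess.
    """
    parsed = urlparse(url)
    if parsed.netloc.lower() not in YOUTUBE_HOSTS or parsed.path != "/watch":
        return None
    values = parse_qs(parsed.query).get("v")
    if not values:
        return None
    video_id = values[0]
    # YouTube IDs are URL-safe base64-style tokens (letters, digits, '-', '_');
    # reject anything else so a crafted ID cannot smuggle path segments into
    # the template below.
    if not video_id or not all(c.isalnum() or c in "-_" for c in video_id):
        return None
    return video_id


def thumbnail_urls(video_id: str, count: int = 4):
    """Build the snapshot URLs 0.jpg .. (count-1).jpg for one video ID."""
    return [THUMBNAIL_TEMPLATE.format(video_id=video_id, index=i) for i in range(count)]


def snapshot_links(url: str):
    """End to end: watch URL -> list of snapshot URLs (empty list if no ID found)."""
    video_id = extract_video_id(url)
    return thumbnail_urls(video_id) if video_id else []


if __name__ == "__main__":
    # URL taken from the post; prints the four snapshot links.
    for link in snapshot_links("http://www.youtube.com/watch?v=fB4oX4p0AoY&feature=player_embedded"):
        print(link)
```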

There is a popular saying that a picture can say a thousand words. Thus these stills will give a lot of info about the contents of the video without directly showing the video.
Try these and have fun!!!! ;)

Thanks for reading...
You can post your YouTube tricks or suggestions for improvement in the comments.
Any kind of feedback would be highly appreciated and will help in improving the quality of posts.

Friday, 17 August 2012

HTTP, SMTP, NNTP and more - Protocols discussed

In the previous post we gave an introduction to this blog and its contents.
In this post we'll be introducing some commonly used protocols.

First let us see "What is a PROTOCOL?"

A protocol is a set of formalized rules that explains how data is communicated over a network. Think of it as the language spoken between computers to help them communicate more efficiently.

Now let us take a look at some protocols and the port numbers commonly used for their services:
• HTTP stands for HyperText Transfer Protocol.
It is the data transfer protocol used on the World Wide Web.
It runs on port 80.

• SMTP stands for Simple Mail Transfer Protocol.
It is a protocol for sending e-mail messages between servers.
It runs on port 25.

• NNTP stands for Network News Transfer Protocol.
It is the predominant protocol used by computer clients and servers for managing the notes posted on Usenet newsgroups.
It runs on port 119.

• POP stands for Post Office Protocol.
It is a protocol used to retrieve e-mail from a mail server.
POP3 runs on port 110.

• FTP stands for File Transfer Protocol.
It is a protocol used for exchanging files over the Internet.
It runs on ports 20 & 21.

• IMAP stands for Internet Message Access Protocol.
It is a protocol for retrieving e-mail messages.
It runs on port 143.
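A small added Python example (mine, not code from the post) that puts the port table above to work the way a defender would: it parses a few constructed firewall log lines, labels each connection with the protocol the post lists for its destination port, and counts the allowed connections per protocol. The log format and the addresses are made up for the example; a destination port that is not in the post's table comes out as "unknown".

```python
import re
from collections import Counter

# Port numbers from the post, mapped to the protocol that normally runs there.
PORT_TO_PROTOCOL = {
    80: "HTTP",
    25: "SMTP",
    119: "NNTP",
    110: "POP3",
    20: "FTP-data",
    21: "FTP",
    143: "IMAP",
}

# Constructed firewall log (format and RFC 5737 documentation addresses made up
# for this example): timestamp, action, source, destination.
SAMPLE_LOG = """\
2012-08-17T10:01:02 ALLOW 192.0.2.10:51234 -> 203.0.113.5:80
2012-08-17T10:01:05 ALLOW 192.0.2.11:51301 -> 203.0.113.7:25
2012-08-17T10:01:09 ALLOW 192.0.2.12:51377 -> 203.0.113.9:110
2012-08-17T10:01:12 ALLOW 192.0.2.12:51380 -> 203.0.113.9:143
2012-08-17T10:01:20 ALLOW 192.0.2.13:51400 -> 203.0.113.11:21
2012-08-17T10:01:31 DENY  192.0.2.14:51410 -> 203.0.113.11:119
2012-08-17T10:01:40 ALLOW 192.0.2.15:51420 -> 203.0.113.12:8443
this line is not a connection record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    record = match.groupdict()
    record["sport"] = int(record["sport"])
    record["dport"] = int(record["dport"])
    return record


def classify(line: str):
    """Parse a line and add the protocol name for its destination port."""
    record = parse_line(line)
    if record is None:
        return None
    record["protocol"] = PORT_TO_PROTOCOL.get(record["dport"], "unknown")
    return record


def allowed_per_protocol(log_text: str):
    """Count ALLOWed connections by protocol; unparseable lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        record = classify(line)
        if record is not None and record["action"] == "ALLOW":
            counts[record["protocol"]] += 1
    return counts


if __name__ == "__main__":
    for protocol, n in sorted(allowed_per_protocol(SAMPLE_LOG).items()):
        print(f"{protocol:8} {n}")
```

Labelling by destination port is only a convention: nothing stops a service from listening elsewhere, so a summary like this tells you what the traffic looks like, not what it is, and a proper inspection would look at the protocol on the wire as well.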
     

TechRaaz Copyright © 2012 | Template created by O Pregador